0 risk management for banks: challenges and opportunities corporate governance program for directors...
TRANSCRIPT
1
Risk Management for Banks: Risk Management for Banks: Challenges and OpportunitiesChallenges and Opportunities
Corporate Governance Program for Corporate Governance Program for Directors of Indian BanksDirectors of Indian BanksMumbai, IndiaMumbai, IndiaDecember 16, 2005December 16, 2005
Mark Lawrence, Ph.D.Mark Lawrence, Ph.D.
Former Chief Risk Officer, Australia and New Zealand Former Chief Risk Officer, Australia and New Zealand Banking Group, Melbourne, AustraliaBanking Group, Melbourne, Australia
[email protected]@lawrence.net
2
ANZ• Established in 1835
• Strong positions:
• Australian “Bank of the Year” six years in a row
• New Zealand’s largest bank
• The leading Australian bank in Asia
• The leading bank in the South Pacific
• 31,000 people serving more than 5 million customers across 27 countries
• Strong performance:
• Assets exceed US$210 billion (Sept 2005), Cost/Income ratio 45.6%
• 10 year average total shareholder return 24% (2005: 33%)
• 2005 Profit After Tax US$2.3 billion, Return on Equity 17.5%
• Non-Performing Loans/Avge. Net Advances 0.26% (2005)
• Net Specific Provisions/Avge. Net Advances 0.15% (2005)
• Overall staff satisfaction 85% positive
• Market capitalization exceeds US$32 billion today
• Rated AA-
3
Example: the Risk Management “journey” – ANZ built its risk management capability over more than a decade
Prior to 1994 No formal combined “Risk Management” function, but ANZ had a credit “workout” area, separate Retail and Corporate Credit Risk Management
functions, and an operational risk function; Rudimentary risk grading and pricing processes; no risk-based capital allocation
1995 Credit risk unit formed, with a particular emphasis on handling actual and prospective property portfolio. First credit risk grading models built – Probability of Default, Loss
Given Default 1996–97 Board Risk Management Committee supersedes the Credit Committee;
Regulatory Compliance framework implemented; Economic Capital for credit risk; Economic Value Added (“EVA”) models implemented for compensation
1999 Market and Operational Risk capability strengthened 2000 Operational Risk economic capital model developed and implemented;
Creation of dedicated Retail Risk function 2001 Basel II project commenced 2002 Substantial Risk Management capability embedded in consumer businesses 2003 Increased focus on the management of project risks;
Formal Risk Management involvement in Strategy 2004 Specialised Technology Risk function created;
Group Compliance framework enhanced
Source: “The ANZ Risk Management Framework”, CRO presentation to investors, 27 July 2004 http://www.anz.com/aus/shares/presentations/speeches/2004.asp
4
Agenda (I): Risk Management Best Practices
• The Importance of Risk Management for Banks
• Risk Management Objectives and Fundamentals
• Principal Risk Categories: Credit, Market, Operational Risk
• Risk Governance and Functional Risk Management Organisation
• Risk Measurement:
• Expected and Unexpected Loss
• The Role of “Economic” or “Risk” Capital
• Balancing Risk and Return
• Role of the Chief Risk Officer
• Risk Management For Competitive Advantage
5
The Need for Risk Management
The Drivers The Consequences
Performance, Losses, Competition
Market Scrutiny, Technology
• Increased Complexity
• Increased Governance
• Increased Transparency
• Globalising Standards
• New Regulation: Basel II (2004)
• Risk Management for Competitive Advantage
6
The “Vicious Cycle” of Risk
Incur Large Losses
Forego Economic Risks
Clamp Down on Lending/Risk Taking
Take Uneconomic Risks
Lose Market Share/Profits
Drive Growth Aggressively
7
Some principles about banking and risk
Since the future is uncertain, you can’t generate returnswithout taking risk:
•Capital and expenses come first, and are certain – revenues come later (and are uncertain)
•You can’t divorce the level of risk from the expected level of return - the higher the desired return, the more risk you must be willing to take
•Half the time you can expect the mean return or more, and half the time, the mean return or less
•Diversification is necessary to lower the average total risk
8
Some principles about banking and risk (Cont.)
That said, banks need to be low-risk:
•Society relies on the effective functioning of the banking system
•The system is based on confidence and trust
•The main source of funding is customer deposits
•Banks are the main mechanism for domestic and international payments
•Main vehicle for storing non-real estate wealth
•(Australian banks raise most of the country’s external debt)
•… hence the importance of reputation and confidence
* Reputation follows behaviour; thus need to build and sustain trust
9
Some principles about banking and risk (Cont.)
There is a limit to the level of risk a commercial bank can take
•Fundamentally, businesses depend on their ability to fund themselves and generate cash
•Companies go bust when they run out of cash. They run out of cash when they are not viable economically, or lose confidence
•Failure usually happens when you get the basics wrong, not the subtleties
•The amount of risk that is acceptable is fundamentally determined by the need to raise funding (and, where applicable, to preserve credit ratings)
•Banking is a cyclical business:
Leveraged to the economic cycle
High operating leverage – fixed costs around 50% of revenues (Australia)
In Australia, average margins on assets and liabilities are very low – less than 2.50%, so financial risk tolerance must also be low – 97.5%, 99.97% confidence levels are used in risk measurement
10
Some principles about banking and risk (Cont.)
• If you take all the opportunities on the way up…
… you get all the losses on the way down! • History shows that banks periodically get it materially wrong (eg early 1990’s in USA, UK, Australia and elsewhere)
• … but recent advances in risk management (especially credit risk) have borne fruit, e.g. very few bank failures in the USA, UK and Europe during the recent economic downturn of 2001 - 2002
To be successful, banks must remain successful and viable at every point on the economic cycle…
11
Some principles about banking and risk (Cont.)
Fundamentally the level of risk is determined by:
• the decision to be in a business,
• the extent to which you participate,
• the capability and culture of the organisation, and
• the quality of the people you put in charge of the business
This governs 80% of the outcome
The balance is in how this is executed
Note: Culture is a dominant factor in risk outcomes, including incentives/compensation
*** Strong leadership from the top on risk matters is essential, to ensure a strong “risk culture”
12
Core Objectives of Risk Management
Maintenance of solvency: constrain losses to within acceptable levels at all points through the economic cycle
Ensure risks are transparent and well understood, both internally and externally (owners and shareholders must understand the risks they are investing in)
Ensure risks taken are consistent with organisational capability and appetite
Today: Risk Management as a foundation for sustainable growth and a source of competitive advantage
13
Components of an Effective Risk Management Process
Risk Governance
Risk Identification
Risk Measurement
Risk Management: Policy and Process
Risk Reporting
Policy and Process Compliance (Internal Audit)
14
Specific Risk Types
Credit Risk
The risk that a financial institution makes a loss as a result of less than full payment of an obligation
Market Risk
Risk of loss due to changes in market prices or variables
Operational Risk
Historically: “Other risks”
More precisely (Basel II definition): “the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events”
15
Typical “Economic” or “Risk” Capital Allocation
Credit RiskCredit Risk50 - 65%50 - 65%
Market RiskMarket Risk5 - 25%5 - 25%
Operational and Business RisksOperational and Business Risks10 - 30%10 - 30%
16
Fundamental Importance of Credit Risk
The largest risk for most banks (operational risk largest risk for some)
Assessing and managing credit risk is a core competency of banks, and a key driver of bank performance
Very significant advances in credit risk measurement have occurred over the past ten years, including development of sophisticated models for estimation of “Probability of Default” (PD) and “Loss Given Default” (LGD), for corporate, banks, small business and consumers
Significantly improved ability to manage credit risk on a portfolio basis by more sophisticated banks
But data limitations are significant in many markets
These models actually work: most successful Australian banks now have non-performing loans (90 days in arrears) less than 0.5% of lending assets (ANZ less than 0.3%)
17
Market Risk
Market Risk is the risk of loss due to changes in market prices or variables, eg:
Interest Rates
Exchange Rates
Equity Prices
Option “Implied Volatilities” (for derivatives)
Credit Spreads
Commodity Prices
Principal points of Impact:
Balance Sheet – managing the interest rate mismatch between assets and liabilities
Traded Market Risk
Currency translation risk for offshore operations
18
Operational Risks - the oldest risks?
System failuresFines
Resulting in:
direct loss expensedistraction
indirect lossreputationopportunity
19
The Importance of Operational Risks
• Recent experience in advanced banking markets makes it clear that risks other than credit and market risks can be substantial:
Barings Enron/Worldcom 9/11 Allfirst (Allied Irish - Baltimore) Life insurance & pension mis-selling in UK “Spitzer” issues - Underwriting/research conflicts + Mutual fund scandals (etc) Environmental (e.g. New Orleans)
Deregulation & globalisation of
financial services
Growing sophistication
of financial technology
Activities of Banks (& their risk
profiles) more diverse & complex
20
Whichever way you look, operationally we are becoming more complex and inter-dependent….
Technology
Concentration
Globalisation
Diversification
Business strategy
Statutory, Regulatory & Contractual
Economic, Cultural & Political
Partnering, alliances, outsourcing & JVs
21
…resulting in greater focus on Operational Risk by financial services providers, government & others…
Financial Services (Banks, Insurance Companies, Fund Managers)
• Specialist Operational Risk functions• Framework, policy, measurement and monitoring• Capital allocation for operational risk – now happening• Loss, event and near-miss data collection & analysis• Extensive, ‘what if’ scenario analysis• Business continuity testing and crisis management training• Executive and Board Risk Committees
Government
• Consumer protection• Corporate Governance • Basel II • Sarbanes Oxley• Standards & Guidelines
Others
• Sustainability• Reputation indices• Rating Agencies
22
…and a consensus definition of Operational Risk
“the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events“
• This (Basel II) definition includes legal risk but excludes strategic and reputational risk
• More specifically, losses may result from: fraud or forgery failure to comply with policies, procedures, laws and regulations a breakdown in the availability or integrity of services, systems and
information reputational damage
23
Risk Governance Example: Board and Executive Risk Committee Structure
• Policy• Major Lending Decisions• Asset Writing Strategies• Portfolio• Trading Risk
• Balance Sheet and Liquidity Risk
• Payments/ operational risks
• Physical and Information Security
• Compliance
Board
Board Risk Management CommitteeBoard Audit Committee
Credit & TradingRisk Committee
(CTC)
Asset & Liability Committee
(GALCO)
Operational RiskExecutive
Committee (OREC)
Project & Initiative Review Committee
(PIRC)
• Project risk
• Project governance
• Project priorities
Principal Executive Risk Committees
24
The Board is responsible for setting the overall corporate governance strategy
The Risk Management Committee ("RMC") is a Board committee focused on the review of risks in the business. Comprised of Non-Executive Directors, it is responsible for overseeing, monitoring and reviewing the Group’s risk management principles, policies, strategies, processes and controls including those for credit, market, operational, liquidity and reputational risks. The RMC authorizes the Group’s limits frameworks, and delegates limits to the Executive Risk Committees*.
The Executive Risk Committees are the senior executive management committees responsible for the oversight of various risks. Their role is to oversee the management of significant risks and support the RMC in respect of its duties. Members include CEO, CFO, Chief Risk Officer (CRO), Business Unit Heads and Risk Management staff
The Internal Audit function is independent from the Risk Management function, and provides independent assurance regarding the effectiveness of the risk management framework and controls.
* See example RMC Charter at: http://www.anz.com/australia/aboutanz/corporateinformation/corpgovpolicy/
Risk Governance Example (Cont.)
25
Risk Management Functional Model (Example)
Specific BU Risk Functions
• Operational Risk mgmt & compliance
• Credit Process support
• Asset writing strategies
• BU-specific risks
• BU risk reporting• Transaction Approval < risk threshold • Risk data entry and quality assurance
Risk “Shared Services”• Asset Recovery• Risk systems development and operations• Divisional asset quality reporting• Compliance Review and Support• Group Investigations• Payments Risk, Information Security• Business Continuity & Crisis Mgmt• Insurance
Group Centre Business Units
Central Risk Governance• Governance & Framework
• Risk and Compliance Strategy and Policy• Risk Measurement methodology & models (development,
validation and approval)- Internal Credit Rating Tools - Expected Loss + Economic Capital models (all risks)
• Risk and Compliance systems design & assurance• Risk and Compliance Reporting for Board/Market/
Regulatory/Rating Agency and other requirements• Portfolio Analysis and Response• Emerging risk identification and response• Market Risk reporting and limit compliance• Risk and Compliance Review • Transaction approval > risk threshold (fn of size & complexity)
** Key Q: where should Risk “Shared Services” be located?
** Cultural considerations will drive the outcome here!
Why go to the Centre?- Centre of Excellence- Efficiency/avoid duplication
Why go to the Business Units?- BU Ownership and Accountability- BU control over Cost? (vs cost allocation
from centre)
26
Example: Central Risk Management Structure
Chief Risk Officer
Operational &Technology Risk Compliance
Wholesale Credit Risk Market Risk Basel II
ImplementationRetail Credit
RiskRM Chief Operating
Officer
Chief ExecutiveOfficer
27
How is this effective?
• Strong “risk culture” across the Group, driven by the Board and CEO
• Partnership between Group Risk Management (GRM) and the Business Units
• Clarity of roles and accountabilities for risk management, with a clear separation of duties
• Open and transparent communication and escalation of risk issues
• “bad news must travel quickly”
• Independent group• Global accountability to the CEO and Board
for the effectiveness of the Group's risk management framework, including risk policy, and for the risk governance of the total group portfolio
Business Units
• Fully accountable for risk outcomes in their business
• Within the central framework set by GRM, BUs are accountable to the Group for the realisation of returns, whilst delivering these within the articulated risk appetite
• Dual reporting of Business Unit Risk Heads to BU Managing Director and CRO
Group Risk Management
28
Banks hold Economic Capital for “Unexpected Loss”
Conceptual Framework:
Applications:
• Measure risk-adjusted profitability and ensure efficient usage of shareholder funds
• Portfolio risk management in the setting of limits & reporting of portfolio credit quality
• Risk models employed to quantify economic risk are used to allocate “economic” or “risk” capital - the amount of capital needed to support an organisation’s risk-taking activities
• Risk capital allocation systems are typically based on institutional estimates of their loss distributions for the relevant risk types
• Economic capital allocated to a particular activityreflects that activity’s marginal risk contribution to the organisation, taking into account diversification (where possible).
Zerolosses
Expected level of loss (cost of doing
business)
‘Unexpected loss’for which capitalshould be held
Potential catastrophic ‘unexpected loss’
against which it is too expensive to hold
capital
Probabilityof loss
29
The “risk spectrum”
Modelled
RISKSNot Modelled
Market
Credit
Liquidity
Business/Strategic
UnderwritingReputational
Enterprise Value
Downside Risk is mostly here• Regulators & Debt Holders focus on this side because concerned about protection from default and systemic risk
• Executives often delegate management of these to Risk Managers, who try to quantify them
Upside rewards are here• Equity Holders (& Managers with Equity stakes) very concerned about these
• Executives often manage these themselves!
Operational
Tax
ECONOMIC C
APITAL
FOR A
LL THESE R
ISKS
?
30
“RAROC” Method of Pricing Loans for Risk
Component Example Source
Cost of Funds 6.00% Funds Transfer Pricing SystemsLoan LossProvision 0.53% Credit Risk ModelsDirect Expense 0.15%Indirect Expense 0.15% Product Cost Accounting SystemsOverhead 0.10%
Total charges beforecapital charge 6.93%
Capital Charge 0.45%
Total Required “Breakeven” Loan Rate 7.38%
Capital calculationAllocated equity/loan = 6.7%Opportunity cost of equity = 12% (“hurdle rate”)FTP Benefit = 6%After tax capital charge = 0.067x (0.12 - 0.06) = 0.4%Tax Rate (imputation-adjusted) = 0.108Pre-tax capital charge = 0.4%/0.892 = 0.45%
31
Balancing Risk and Return
The key is to find the right balance between
risk and return:
•This is one of the key responsibilities of the Board and CEO
•Fundamentally the taking and management of risk for a return is a business line function
•The mission is to stay within the “expected” loss rate, which is built into business plans, pricing and margins
•However, invariably businessmen, including bankers are on balance, optimistic…
•Since uncertainty and business “fade” increases with time, higher discount rates are needed for future cash flows, and this rarely happens…
•Therefore need for Board, CEO and Chief Risk Officer to maintain a balanced perspective
•Supported by objective advice and control by professional risk managers
•Governed by the Board, and its Risk Management and Audit Committees
32
The Role of the Chief Risk Officer (CRO)
• Understand the business!
• Understand the risks:
Identification, assessment, measurement, mitigation/response, policy, monitoring, reporting…
• Understand (and shape) the risk strategy and appetite of the organisation
• Understand the needs of all stakeholders: Board, CEO, Executive Management, Regulators, Rating Agencies, Investors, Staff, Customers, Community
• Ensure agreement re: expectations of the CRO role, and how risk management performance will be measured
• CRO is “Chief Transparency Officer” – need to ensure “bad news travels” – high level of integrity required
33
The Opportunity…
To create and position Risk Management in
our organisations as a source of distinction
and competitive advantage, underpinning
sustainable performance and growth
34
Agenda (II): Basel II
• Basel II – What is it?
• Impact of Basel I
• Key Changes in Basel II
• Implementation Challenges
• Operational Risk Capital
• Pillar 3
• Home/Host Issues and Challenges
• Basel II Implementation: Key Next Steps For India
• Conclusion
35
Basel II - what is it?
• The method for determining the minimum amount of regulatory capital a bank should hold is set by the “Basel Committee”, a sub-committee of the Bank for International Settlements, and is known as the “Basel Capital Accord”, implemented in 1988.
• A new framework has been developed over the past 6 years that is commonly known as Basel II. These new proposals are designed to replace the 1988 Accord with a more “risk sensitive” regulatory capital framework.
• The key objective of Basel II is to improve stability of the global financial system by encouraging improved risk management practices and requiring banks to hold a level of capital which is commensurate with their risk profile.
36
Two main objectives lay behind the adoption of a single capital standard for internationally active banks:
• To help strengthen the soundness and stability of the Banking system by encouraging banking organisations to boost their capital positions
• By adopting a standard approach across banks in different countries it would act to reduce competitive inequalities
The structure was intended to:• Make regulatory capital more sensitive to risk profiles among banking
organisations• Take off-balance sheet exposures into account when assessing capital
adequacy• Lower the disincentives to hold liquid, low risk assets.
The 1988 Basel Accord – “Basel I”
37
The Basel Committee Study of 1999 into the impact of Basel I, suggests that:
• Relatively weakly capitalised banks improved their capital ratios, and overall capital levels increased in most countries.
• Bank regulatory capital pressures during cyclical downturns in the US and Japan may have limited bank lending in these periods and contributed to economic weakness in some sectors
• Banks have learnt to exploit the broad-brush nature of the Basel I requirements – in particular the limited relationship between actual risk and the regulatory capital charge. For a number of banks this has started to undermine the meaningfulness of the requirements.
• Mixed conclusions as to whether the uniform nature of the regulatory capital charge within asset class may induce banks to substitute towards riskier assets in the class – thus leading to a rise in the riskiness of the banks’ portfolios. (There are clearly other considerations that may influence this position eg. bank risk appetite, market disciplines, regulatory and rating agency influences etc.)
The Impact of Basel I
38
Basel II consists of three mutually reinforcing pillars:
Pillar 1: Minimum Capital Requirements
Pillar 1 provides the calculation methods that will be used to determine the minimum amount of regulatory capital a bank must hold in the three major types of risks a banking operation faces - credit risk, market risk and operational risk.
A menu of approaches is available to measure:
Credit Risk (Standardised, Foundation internal ratings based approach and Advanced internal ratings based approach - the latter two requiring the application of sophisticated and rigorous credit risk modelling capabilities)
Operational Risk (Basic Indicator, Standardised and Advanced measurement approaches). The requirement to hold regulatory capital for operational risk is a material new requirement.
Market Risk (Standardised and Internal models approach). This element is almost completely unchanged in the new framework following its overhaul in 1996.
Basel II: The Three Pillars
39
Pillar 2: The Supervisory Review Process
Pillar 2 requires regulators to ensure each bank has sound internal processes in place to assess the adequacy of its capital (based on a thorough evaluation of the risks), with the supervisor placing considerable emphasis on the effectiveness and robustness of a bank’s internal risk management capability.
Pillar 3: Market Discipline
Pillar 3 aims to bolster market discipline through enhanced disclosure of risk information to the market. More detail will be disclosed to the market on the types of loans a bank carries, the rate at which loans default and how well credit rating tools predict these defaults.
Market participants will have more information to better understand bank risk profiles and the adequacy of bank capital positions.
Basel II: The three Basel Pillars (cont.)
40
The Basel II Approaches to Credit and Operational Risk Capital
Minor modifications to the current (Basel I) Accord, allowing the use of external ratings and some collateral recognition.
StandardisedInternal Ratings Based (IRB)
- FoundationInternal Rating Based (IRB) -
Advanced
Allows application of internally developed rating systems (default probabilities) with greater recognition of physical collateral.
Internally determined default probabilities, loss given default and exposure at default factors can be used, subject to very stringent criteria.
A coarse calculation based upon a straight percentage (15%) of gross income.
Basic Indicator ApproachStandardised Approach for
Operational RiskAdvanced Measurement
Approaches
A similar calculation based on a % of gross income using distribution factors across eight Basel-defined business lines.
A range of advanced capital assessment techniques will be allowed, subject to a set of stringent qualifying criteria.
Credit Risk Capital
Operational Risk Capital
41
• The risk-weighting functions used to determine credit risk capital in the advanced approaches under Basel II provide a much more accurate measure of risk compared to the crude risk weights used in Basel I. However, concentration and diversification are not taken into account in the Pillar 1 formulae
• Addresses the principal weaknesses of Basel I, in particular removing incentives to arbitrage the capital requirements through securitisation
• Inclusion of a regulatory capital charge for operational risk
• Advanced approaches require the embedding of risk management tools and systems in day-to-day bank management
• Framework matches the entity in terms of its level of sophistication resulting in a more tailored approach commensurate with a bank’s risk profile
Key changes in Basel II
42
Key changes in Basel II (cont.)
• Pillar 2 provides supervisors with a framework that enables a better understanding of the risks associated with a bank’s businesses – the new Accord places a far greater emphasis on assessing the appropriateness of internal risk management processes including risk management practices, governance frameworks, risk measurement philosophies and bank risk profiles.
• Greater disclosure will help ensure banks maintain prudent lending standards and focus on improving and keeping pace with evolving risk management practices
• While many of these changes are positive, “procyclicality” is an issue of material concern to many.
43
120%
100%
80%
60%
40%
20%
0%
Govt 0%
Banks 20%
Remainder eg Personal/
Corporates 100%
Mortgages 50%
Ris
k W
eig
hts
600%
100%
80%
60%
40%
20%
0%Increasing default risk
Ris
k W
eig
hts
Basel I Basel II
• The blunt risk weights and capital attribution of Basel I have been considerably refined (using complex formulae) in the IRB approaches in Basel II
Risk weight sensitive to borrower’s credit risk
Basel I Risk Weights versus Basel II
44
Challenges faced by banks in implementing Basel II
Basel II is far more complex than its predecessor – the current Basel Accord - and considerably more comprehensive in its coverage. Some of the key issues Banks and regulators are facing as part of its implementation are:
• Rigorous credit rating tool validation requirements
• Insufficient data in certain products or geographic segments to meet the long-run “through the economic cycle” needs of Basel II
• Obtaining business buy-in to Basel II – are the benefits worth the cost?
• Managing the change process
• Board involvement and Risk Governance requirements
• IT systems developments, enhancements and integration
• Implementation challenges for the new operational risk framework
• Pillar 3 reporting under Basel II
• Inconsistent application of Basel II across jurisdictions
45
Operational Risk Capital
Regulatory Capital for Operational Risk:
• Basel I (1988 - now)
- zero
• Basel II (2008 onwards)
- substantial!
46
Capital for Operational Risk: The Big Controversy!
• How much capital should be held for Operational Risk?
~20%? (Basel CP2, January 2001)
~12%? (Final Basel Accord, June 2004)
(Other?)
* The magnitude of this shift illustrates the difficulty of the measurement challenge!
47
Operational Risk: The Difficulty of Measurement
In recent years, we have seen the first serious attempts to measure operational risk… the birth of a new discipline!
• The industry has made great progress, but difficult questions remain:
1. What are the principal determinants of the level of Operational Risk?
2. What are the key differences between Operational, Credit and Market Risks? Which statistical methods used to measure Credit and Market Risk are applicable to Op Risk?
3. When is historical loss experience a reliable guide to Operational Risk in the future? More generally, how can Operational Risk measures be made forward-looking?
4. What is the role of historical information, including loss data?
48
The industry has made great progress, but difficult questions remain:
5. When is external information (including loss data) relevant? How should it be used?
6. How should specific operational scenarios be incorporated in the measurement of Operational Risk?
7. What about “Key Risk Indicators”?
8. How can we incorporate an assessment of the quality of operational processes and internal controls into the Op. Risk measurement process? How important is this?
9. What is the role of Senior Executive judgment in the Operational Risk measurement process? Where is the “right” balance between quantitative and qualitative factors?
10. How can unexpected loss and capital be measured?
The Difficulty of Measurement (cont.)
49
“Let a thousand flowers bloom…”!!
• A great deal of effort has been expended on these issues…
• … and Basel II (AMA) is providing strong impetus to these efforts
• However, there is as yet NO consensus about the answers to these questions…
The Difficulty of Measurement (cont.)
50
Key Question: What is the “right” way to measure Operational Risk?
How shall we recognise the answer to this question?
What criteria should we use?
A related question: How can Operational Risk measures be “validated”? (What does this mean, exactly?)
How do we satisfy Basel’s requirement for 99.9% confidence?
The Difficulty of Measurement (cont.)
51
Although “1,000 flowers are blooming”, there are 3 principle methods in use in leading banks today:
• Loss Distribution Approach (statistical, based primarily upon historical loss data, akin to “VaR for Operational Risk”)
• “Scorecard” or “Risk Drivers and Controls” Approaches (more qualitative, not based primarily on historical loss data - see Risk Magazine article, November 2000 + Risk Management seminar presentation: “Key Elements of an Effective Operational Risk Framework”, Amman, 7 March 2005)
• Scenario-driven methods (employing expert business judgment)
Regardless of which method is chosen, to qualify for AMA accreditation under Basel II, a bank must clearly specify how its method makes use of the 4 required elements:
Internal data
External data
Quality control assessments
Scenarios
Industry Approaches to Measuring Operational Risk
52
• Pillar 3 imposes considerable reporting requirements on Banks seeking to use the advanced approaches – these are in addition to accounting standards (and listing rules)
• The disclosure regime in Pillar 3 is tied to the sophistication of the capital approach adopted. Indeed, the use of more sophisticated approaches is conditional on making the required disclosures, which are quite voluminous and prescriptive in nature
• In simple terms, the greater the reliance on internal models (as opposed to supervisor estimates), the more risk information that has to be disclosed
• The principal intention of the disclosure requirements is to enable the market to better understand the risk profile of the bank, and to provide a basis for comparison of risk profiles between banks.
Basel II: Pillar 3 requirements
53
Pillar 3 - Summary
Table Subject
1 Scope of application
2 Capital structure
3 Capital adequacy
4 Credit risk – general
5 Credit risk – Standardised and FIRB
6 Credit risk – IRB
7 Credit risk mitigation – Standardised & IRB
8 Securitisation – Standardised & IRB
9 Market risk – Standardised
10 Market risk – internal models
11 Operational risk
12 Equities
13 Interest rate risk in banking book
54
Example of what is required
Table 6: Credit risk – disclosures for portfolios subject to IRB approaches
Requirements include:
• Explanation and review of the: • Structure of internal rating systems and relation between internal
and external ratings;• Use of internal estimates other than for IRB capital purposes;• Process for managing and recognising credit risk mitigation; and• Control mechanisms for the rating system including discussion of
independence, accountability, and rating systems review.
• Description of the internal ratings process (provided for five asset classes), including (for each class):
• Types of exposures in the classes• Definitions, methods and data used for the estimation and
validation of PD, LGD (and) EAD for Advanced IRB banks
• Comparison of actual losses for the preceding period and how this differs from past experience and estimated losses.
55
• Closer cooperation between supervisors will assist in the the implementation efforts of both supervisors and banking groups and is essential in the effective implementation of Basel II.
• This level of cooperation will differ across the various activities required in the new Accord, eg
- Pillar 1 approval and validation of rating models and processes- Pillar 2 supervisory review processes and ongoing assessments to verify
that banking groups are applying the new accord properly and that conditions for advanced approaches continue to be met.
• Banks have an important role to play in assisting the effective cross-border implementation efforts of supervisors
• The Basel Committee does not mandate a common approach across all jurisdictions, but a set of Principles for Home/Host supervision have been published to assist supervisors in their work in this area.
“We have to recognise that there will always be differences in interpretation and application which are inevitable and even desirable to accommodate the many differences among the world’s banking systems.”Chair of Basel’s Accord Implementation Group, Nick Le Pan quote from “Global Risk
Regulator” February 2003
Home/Host issues: Basel’s perspective
56
• The Basel Committee principles for Home/Host supervision, while conceptually sound, fall short of providing workable solutions in practice
• Regulatory Capacity: challenge of overcoming a shortage of appropriately skilled resources to be able to review banks’ level of compliance with the new Accord (esp. Pillar II) and administer the more advanced requirements of Basel II
• Statutory and legal obstacles to closer cooperation amongst supervisors
• Need to develop processes and techniques to allow regulators to collaborate effectively, particularly when international banking conglomerates cover multiple countries (eg Citigroup operates in over 100 countries)
• Concerns have been expressed publicly by some regulators and banks that there is a potential for some national supervisors to be more conservative in their interpretation and application of the new Accord, whilst others may operate on a more lenient approach, creating unlevel playing fields across countries
Supervisory Challenges for Home/Host Supervision
57
• Banks are concerned that having to accommodate differing supervisory implementation frameworks will result in an over burden of reporting regimes and repetitive review of their Basel II frameworks. While banks appreciate that in some jurisdictions the peculiarities of the banking system may require subtle differences in the application of Basel II, in the main there is considerable scope for consistency in the application of the Accord
• International banks are faced with developing systems to cope with and run multiple reporting requirements:
Basel I Basel II Standardised Approach Basel II Foundation IRB Basel II Advanced IRB
• The development, testing, implementation and maintenance of parallel systems and processes to accommodate different regulatory approaches has the potential to result in a substantial diversion of risk resources and cost - away from the improved management of risk that Basel is designed to achieve
Bank Challenges for Home/Host Supervision
58
• Finalise choice of Pillar I options + Pillar II approach: Decisions must be made re: national discretions within Standardised Approach for Credit Risk (understanding of approaches used in other emerging market countries and elsewhere within the region will assist) Assess infrastructure requirements Assess requirements for potential future availability of advanced approaches (IRB and AMA) and determine strategy and timeframes, as appropriate Assess resource deficiencies, incl. industry and supervisory capacity
• Establish/enhance effective dialogue between RBI and relevant foreign supervisors re: Home/Host issues & cross-border supervision
• Consider Indian participation in international working groups, as appropriate:
• Industry groups, e.g. IIF Committees• Supervisory working groups re: Basel II implementation
Basel II Implementation: Key Steps
Effective dialogue between the industry and supervisor is essential for success!
59
Risk Management and Basel II – Inextricably Linked!
The way forward for India?
• Continue to deepen the collaborative dialogue between industry and regulators, to deepen shared understanding of the challenges and opportunities for strengthening risk management capability in Indian banks
• Acceptance of pragmatic solutions to the challenges of Basel II implementation
Work to ensure that bureaucracy and costs are minimised, & business benefits maximised
• The main goal is improved risk management, not regulatory compliance!
• This is a journey that will take some time… begin as soon as possible!
Conclusion